Remote follow

Yegor Timoshenko @yegortimoshenko@mastodon.social

Anarchist, software developer.

GitLab: https://gitlab.com/yegortimoshenko

35 Toots

14 Following

78 Followers

Toots Toots and replies Media

**Yegor Timoshenko** @yegortimoshenko · Jun 14, 2018, 15:28

**Yegor Timoshenko** @yegortimoshenko · Jun 14, 2018, 15:28

Anyone can cause `gpg --recv` fail for any key on keyservers: https://bitbucket.org/skskeyserver/sks-keyserver/issues/57 #gpg

**Yegor Timoshenko** @yegortimoshenko · Jun 12, 2018, 21:41

**Yegor Timoshenko** @yegortimoshenko · Jun 12, 2018, 21:41

#CopperheadOS CEO has sent a DMCA takedown on my repo that contained documents about Copperhead takeover: https://screenshots.firefox.com/3VED8g86DbsZLODl/mail.riseup.net Mirror: https://github.com/yegortimoshenko/copperhead-takeover

**Yegor Timoshenko** @yegortimoshenko · Jun 12, 2018, 21:01

**Yegor Timoshenko** @yegortimoshenko · Jun 12, 2018, 21:01

@micahflee This is basically for the same reason: no validation on packets whatsoever. Packets that cause the key to be unimportable are clearly not RFC-compliant, but SKS still accepts those packets.

**Yegor Timoshenko** @yegortimoshenko · Jun 12, 2018, 20:51

**Yegor Timoshenko** @yegortimoshenko · Jun 12, 2018, 20:51

@micahflee Another SKS bug. Anyone can make a key unimportable: try `gpg --keyserver pgp.mit.edu --recv-keys 0x4F3F50786C401DCE`, it will fail. Also see https://pgp.mit.edu/pks/lookup?op=vindex&search=0x4F3F50786C401DCE

**Yegor Timoshenko** @yegortimoshenko · Jun 12, 2018, 18:15

**Yegor Timoshenko** @yegortimoshenko · Jun 12, 2018, 18:15

Pushed a fake UID to SKS keyserver signing key: https://pgp.key-server.io/search/0x41259773973A612A Source code (crawler next up): https://gitlab.com/yegortimoshenko/sks-tools (cc @micahflee)

**Yegor Timoshenko** @yegortimoshenko · Jun 12, 2018, 17:00

**Yegor Timoshenko** @yegortimoshenko · Jun 12, 2018, 17:00

@todd Welcome! I really like my Librem 13 so far :-)

**Yegor Timoshenko** @yegortimoshenko · Jun 05, 2018, 16:12

**Yegor Timoshenko** @yegortimoshenko · Jun 05, 2018, 16:12

#CopperheadOS is seeing a takeover attempt by main developer's business partner. Here is a repo with some of the tweets and documents that have been since taken down: https://gitlab.com/yegortimoshenko/copperhead-takeover

**Yegor Timoshenko** @yegortimoshenko · Apr 25, 2018, 22:31

**Yegor Timoshenko** @yegortimoshenko · Apr 25, 2018, 22:31

#u2f Apparently, there is a tamper-resistant (unlike Tomu) free hardware U2F token. Unfortunately, firmware requires a proprietary tool for build.

https://u2fzero.com/
https://github.com/conorpp/u2f-zero

**Yegor Timoshenko** @yegortimoshenko · Apr 23, 2018, 19:06

**Yegor Timoshenko** @yegortimoshenko · Apr 23, 2018, 19:06

#gpg #pocketbeagle Reflashing my hardware GPG token (FST-01) with Gnuk 1.2.9 after a botched firmware upgrade :-(

Usually this requires a proprietary SWD debugger like ST-Link/V2. @gniibe@identi.ca has recently implemented bbg-swd, a SWD debugger on top of OpenOCD that runs on BeagleBoard devices using PRUSS (auxiliary real-time processors on TI SoCs).

I'm using PocketBeagle and some Dupont wires. Hope this would work without any soldering.

**Yegor Timoshenko** @yegortimoshenko · Apr 22, 2018, 21:38

**Yegor Timoshenko** @yegortimoshenko · Apr 22, 2018, 21:38

#introductions I am a NixOS developer and https://prism-break.org maintainer who feels strongly about free software, hardware, and society.